Agents

Device Agent Overview

Device agents handle configuration management, device-to-server communication, and telemetry collection. If you’re not using Apstra ZTP to bootstrap your devices (or if you have a one-off installation) you can use this device installer to automatically install and verify devices. You can install device agents in the following ways:

  • on-box - agent is installed on the device
  • off-box - agent is installed on the Apstra server and communicates with devices via API

The types of agents supported on devices are as follows:

On-box and Off-box Agent Support
Device On-box Off-box
Juniper Junos No Yes
Cisco NX-OS Yes Yes
Arista EOS Yes Yes
Cumulus Linux Yes No
Enterprise SONiC Yes No

For information about retaining pre-existing configuration when bringing devices under Apstra management, see Configuration Lifecycle.

Important

On some platforms (Junos for example) you can configure rate-limiting for management traffic (SSH for example). When the Apstra server interacts directly with devices it can be more bursty than when it interacts with a user. Rate-limiting configurations that are used for hardening security can impact device management, and lead to deployment failures and other agent-related issues.

Agents include the following parameters:

Agent Creation Parameters
Parameter Description
Device addresses Management IP(s) of the device(s)
Operation Mode
  • Full Control - deploys configuration and collects telemetry
  • Telemetry Only - configuration is not deployed
Platform (off-box only) For off-box agents only: enter the platform exactly as follows for your platform: junos, nxos, eos.
Username / Password If you’re not using an agent profile with credentials, check these boxes and add credentials.
Agent Profile If you don’t want to manually enter credentials and packages, use agent profiles that you previously defined.
Job to run after creation
  • Install (default) - installs the agent on the device
  • Check - creates the agent, but does not install it. It appears in the list view where you can install it later.
Install Requirements (servers only) For servers only: If servers don’t have Internet connectivity, uncheck the box.
Packages Before creating the agent, install required packages so they are available. Packages associated with selected agent profiles are listed here as well.
Open Options (off-box only) For off-box only: Passes configured parameters to the off-box agent. For example, to use HTTPS as the API connection from the off-box agent to the device API, use the following key-values: proto-https, port-443.

From the left navigation menu, navigate to Devices > System Agents > Agents to see the agent list view.

_images/agent_330.png

Creating On-box Agent

To create on-box agents, you must have full admin / root privileges. We recommend creating a dedicated user on the device using ZTP or other means. Make sure that:

  • Devices have login credentials.
  • The management network has IP connectivity between the Apstra server and devices.
  • Required packages have been uploaded.

Before creating/installing on-box device agents on Cisco NX-OS and Arista EOS, configure the following minimum configuration on them as shown below. (Cumulus Linux and SONiC Enterprise have no specific configuration requirements other than Management Network and privileged user access.)

Cisco NX-OS On-box Agent Minimum Configuration
!
copp profile strict
!
username admin password <admin-password> role network-admin
!
vrf context management
  ip route 0.0.0.0/0 <management-default-gateway>
!
interface mgmt0
  ip address <address>/<cidr>
!
Arista EOS On-box Agent Minimum Configuration
!
service routing protocols model multi-agent
!
aaa authorization exec default local
!
username admin privilege 15 role network-admin secret <admin-password>
!
interface Management1
   ip address <address>/<cidr>
!
ip route vrf management 0.0.0.0/0 <management-default-gateway>
!
  1. Confirm that you’ve installed the minimum configuration as described above.
  2. From the left navigation menu, navigate to Devices > System Agents > Agents and click Create Onbox Agent(s).
  3. Specify agent details as described in the Device Agent Overview section above.
  4. Click Create. While the task is active you can view its progress at the bottom of the screen in the Active Jobs section. The job status changes from Initialized to In Progress to Succeeded.

Note

To collect telemetry from L2 servers (CentOS, Ubuntu) the management interface must be eth0. Telemetry is limited compared to data collected from network devices.

Before creating the agent, upload any required packages, such as for LLDP. When creating the agent, select TELEMETRY ONLY for Operation Mode. (Since L2 servers don’t establish L3 peering with leafs they can only collect telemetry.) Also, if you included packages, check the Install Requirements check box. When the L2 server has an installed agent, you can add it to a blueprint and deploy it the same as for any other device.

Creating Off-box Agent

Make sure that:

  • Devices have login credentials.
  • The management network has IP connectivity between the Apstra server and devices.
  • Required packages have been uploaded.
  • On Juniper devices, add Junos license configuration. (This is not the preferred method for adding license configuration. For more information, see Juniper Device Agent.)

Before creating/installing off-box device agents on Juniper Junos, Cisco NX-OS and Arista EOS, configure the following minimum configuration on them as shown below.

Juniper Junos Off-box Agent Minimum Configuration
system {
    login {
        user aosadmin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "xxxxx";
            }
        }
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    management-instance;
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address <address>/<cidr>;
            }
        }
    }
}
routing-instances {
    mgmt_junos {
        routing-options {
            static {
                route 0.0.0.0/0 next-hop <management-default-gateway>;
            }
        }
    }
}

For more information, see Juniper Device Agent.

Cisco NX-OS Off-box Agent Minimum Configuration
!
feature nxapi
feature bash-shell
feature scp-server
feature evmed
copp profile strict
nxapi http port 80
!
username admin password <admin-password> role network-admin
!
vrf context management
  ip route 0.0.0.0/0 <management-default-gateway>
!
nxapi http port 80
!
interface mgmt0
  ip address <address>/<cidr>
!
Arista EOS Off-box Agent Minimum Configuration
!
service routing protocols model multi-agent
!
aaa authorization exec default local
!
username admin privilege 15 role network-admin secret <admin-password>
!
vrf definition management
   rd 100:100
!
interface Management1
   vrf forwarding management
   ip address <address>/<cidr>
!
ip route vrf management 0.0.0.0/0 <management-default-gateway>
!
management api http-commands
   protocol http
   no shutdown
   !
   vrf management
      no shutdown
!
  1. Confirm that you’ve installed the minimum configuration as described above.
  2. From the left navigation menu, navigate to Devices > System Agents > Agents, click the OFFBOX tab, and click Create Offbox Agent(s).
  3. Specify agent details as described in the Device Agent Overview section above.
  4. Click Create. While the task is active you can view its progress at the bottom of the screen in the Active Jobs section. The job status changes from Initialized to In Progress to Succeeded.

Uninstalling Agent

If you are uninstalling an agent because you want to remove a device from Apstra management, see the device guides (Removing Device) for the complete workflow.

  1. From the left navigation menu, navigate to Devices > System Agents > Agents and click the Uninstall button for the agent to uninstall.
  2. Click Confirm to start the uninstall process and return to the list view.

Editing Agent

Caution

Changing a user requires completely re-onboarding the device. Changing the password involves several steps that are not straightforward (changing the password on the device, device agents, and pristine config). If you require a password change, we recommend contacting Juniper Support.

  1. From the left navigation menu, navigate to Devices > System Agents > Agents and click the Edit button for the agent to edit.
  2. Make your changes (including package upgrades that you previously uploaded).
  3. Click Update to update the agent and return to the list view.

Deleting Agent

If you are deleting an agent because you want to remove a device from Apstra management, see the device guides (Removing Device) for the complete workflow.

  1. From the left navigation menu, navigate to Devices > System Agents > Agents and click the Delete button for the agent to delete.
  2. Click Delete to delete the agent and return to the list view.